Fraudulent robocalls are a threat around the world. Many of these employ call spoofing, a practice in which voice carriers and aggregators intentionally falsify caller ID information to gain an illegitimate advantage. Call spoofing allows for many different types of fraud, such as Wangiri (short or false missed calls generated to leave a notification on the customer’s screen requesting a call back), social engineering calls (people who claiming to be from a trusted company for personal or financial information) and robocalling (where scammers use an auto-dialer that can generate millions of calls within hours). The intent behind these calls ranges from simply maximizing the called party’s chances of answering the call to being part of a larger fraud scheme to steal identities, financial details and more.

According to a report from Juniper Research, fraudulent robocalls will cost customers $40 billion in 2022, compared to $31 billion in 2021. The report predicts that North America will be the region most affected by fraudulent robocalling, accounting for 45 percent of the total. its global losses this year, despite representing only five percent of mobile subscribers.

To counter the wave of fraudulent robocalls, the telecommunications industry is implementing several strategies. These include one of the prominent standards known as STIR/SHAKEN, short for “Secure Telephone Identity Revisited” (STIR), and “Signature-based Handling of Asserted information using toKENs” (SHAKEN). The Juniper Research report, developed and implemented in the US, recommends that other regions adopt STIR/SHAKEN to standardize the role of stakeholders in reducing financial losses from fraud.

The STIR/SHAKEN framework uses digital certificates based on common public key cryptography techniques to ensure that a phone call number is secure. The deadline for implementing the framework for voice service providers in the US was June 30 last year (2021). The FCC has issued a public notice stating:

“Those voice service providers and intermediary providers without extension or exemption from the STIR/SHAKEN implementation deadline that do not implement the authentication framework by June 30, 2021, and those voice service providers that have the required certification and accompanying information in the Robocall Mitigation Database by this date may be the subject of appropriate enforcement measures…. From September 28, 2021, intermediary and voice service providers will not be allowed to accept traffic directly from voice service providers that are not listed in the database.”

And yet, Juniper Research shows that the costs for customers of fraudulent robocalls will increase by about 30 percent by 2022.

So, what else needs to be done? Telecommunications providers are far from spoof-free networks. Implementing STIR/SHAKEN standards is a step in the right direction. And while STIR/SHAKEN can be praised for its advantages, it also has shortcomings.

Using the framework alone does not guarantee that service providers can detect and block fraudulent robocalls. STIR/SHAKEN is expensive to implement, only works if all operators have it, and even then it doesn’t guarantee success. It also only works on IP-based networks and therefore cannot be a universal solution as many areas still have non-IP telecom services.

Take the case of Ofcom, the UK communications regulator, which plans to completely retire copper lines by January 2025 and adopt VoIP from the PSTN as a step towards implementing STIR/SHAKEN. However, the UK does not have a national telephone number database of assigned numbers. Canada and France are in a similar situation.

Fraudsters are constantly looking for clever ways to circumvent stronger security protocols and quickly adapt to obstacles. Because these fraudulent calls can come from anywhere in the world, countries and their legitimate telecom service providers must work together to create interoperable standards that can eradicate the threat of illegal and malicious robocalls.

Robocall mitigation programs should include detailed practices that can help stop illegal calls at the source, monitor customers when setting up service, monitor traffic for suspicious ring patterns, and take appropriate and timely action when fraudulent calls are acknowledged.

The implementation of advanced analytical solutions across the telecom network, based on real-time signaling level analysis combined with machine learning, can provide a new proactive approach to identifying these fraudulent robocalls. When the system identifies a fraudulent or illegal call, it can cancel the call in real time, preventing it from reaching its intended purpose. Suspicious calls can be tagged as ‘probably spam’ so that the target ‘customer’ is warned in advance and can choose whether to answer or not. Just like websites take down ‘robots’, a CAPTCHA system can also ask the caller to enter a random three-digit code to complete the call. Since this cannot be completed by an auto-dialer, these fraudulent calls can be terminated automatically.

STIR/SHAKEN does not currently cover text messages, so the industry should also look at how customers can identify spam messages and receive real-time notifications about suspicious messages and block them accordingly.

Robocalls, automatic dialing, computer-generated calls – however they are described – are becoming an increasing threat. They are a nuisance at best and the cause of significant financial loss for many scammed consumers at worst. They are also hugely damaging to the reputation and revenue of communications service providers.

To tackle the problem of fraudulent robocalls, communication service providers worldwide must coordinate to address this problem. Regulators should also come together and study the effectiveness of STIR/SHAKEN’s standards and other mitigation efforts, then agree on a clear and aggressive strategy to stop these criminal activities.

This post Why the telecom industry should look to a multi-layered defense mechanism to fight illegal and malicious robocalls (Reader Forum)

was original published at “https://www.rcrwireless.com/20220310/opinion/readerforum/why-the-telecom-industry-needs-to-look-at-a-multi-tier-defense-mechanism-to-combat-illegal-and-malicious-robocalls-reader-forum”